[Original] Multiple buffer overflows in UMN gopher daemon (gopherd) 2.x and 3.x before 3.0.6 allow attackers to execute arbitrary code via (1) a long filename as a result of a LIST command, and (2) the GSisText function, which calculates the view-type.

-
Advisories and Patches

The maintainer has responded to advise users to migrate to PyGopherd, as UMN gopherd has been removed from distribution and is no longer supported. Debian has released an advisory (DSA 387-1) and fixes for this issue. See the referenced advisory for links to fixed packages.

University of Minnesota gopherd 3.0.3

-
Vulnerability Discussion

It has been reported that University of Minnesota gopherd is vulnerable to a remotely exploitable boundary condition error. This may make it possible for an attacker to gain unauthorized access to a host using the vulnerable software.

-
Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

-
Solution

The maintainer has responded to advise users to migrate to PyGopherd, as UMN gopherd has been removed from distribution and is no longer supported.

Debian has released an advisory (DSA 387-1) and fixes for this issue. See the referenced advisory for links to fixed packages.